Hi, sorry for reporting it here. I want to report a security vulnerability that I've found in the application.
Tested on: MacOS
Affected Version: 0.9.3
Description
A critical vulnerability has been identified in the Dot Electron desktop application. The issue stems from an improperly sanitized user input in the chat box that leads to a Cross-Site Scripting (XSS) vulnerability. Since the nodeIntegration attribute is set to true, it is possible to call the NodeJS API and leverage the issue to Remote Code Execution (RCE). By exploiting this XSS vulnerability, an attacker can execute arbitrary system-level commands, posing a significant security risk to end users.
Affected Code:
Lack of Sanitization of User Input and LLM Output (Root Cause):
Dot/src/render.js, line 61 in db2728c
Dot/src/render.js, line 78 in db2728c
nodeIntegration set to true (please disable it if it's not needed):
Dot/src/index.js, line 344 in db2728c
Dot/src/index.js, line 471 in db2728c
Dot/src/index.js, line 774 in db2728c
Simple PoC:
Payload (remove the [blank]): <img[blank]src=x[blank]onerror="alert(require('child_process').execSync('id').toString());">
Recommendation:
Escape special characters or HTML tags in the chat box. If it's really needed, create a whitelist of allowed HTML tags that could not lead to issues like XSS.
Simple Example:
```js
function sanitize(msg) {
  // Replace the tag delimiters with their HTML entities so the renderer shows them as text.
  msg = msg.replaceAll(/</g, "&lt;");
  msg = msg.replaceAll(/>/g, "&gt;");
  // add more sanitization here.....
  return msg;
}
```
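The following is an added example, not code from the Dot project or from the reporter. It carries the two recommendations above a step further: a full HTML escaper (covering `&` and both quote characters as well as `<` and `>`, since chat text can also land inside an attribute), a chat-bubble renderer that passes both user input and LLM output through it, and an audit function for the Electron `webPreferences` that turn an XSS into RCE. The function and constant names (`escapeHtml`, `renderChatMessage`, `isInert`, `auditWebPreferences`, `HARDENED_WEB_PREFERENCES`) are assumptions; the `webPreferences` keys themselves are real Electron BrowserWindow options. The sample payload is the one from the report with the blanks filled in.

```javascript
// Added example (not Dot's code). Escape chat text before it reaches the DOM,
// and keep the renderer out of Node with nodeIntegration:false / contextIsolation:true.
// Function and constant names below are assumptions, not Dot's own API.

const HTML_ESCAPES = {
  "&": "&amp;", // handled first, so entity text typed by a user is shown as typed, not decoded
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Escapes the five characters that can break out of text or attribute context.
// Escaping only < and > is not enough once the string can end up inside an attribute.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Builds the markup for one chat bubble. User text and LLM replies both go
// through escapeHtml, so tags in either are displayed literally, never parsed.
function renderChatMessage(role, text) {
  const cls = role === "user" ? "msg-user" : "msg-assistant";
  return `<div class="${cls}">${escapeHtml(text)}</div>`;
}

// True when the rendered bubble contains no markup beyond the wrapper div,
// i.e. the message body cannot introduce an element or an event-handler attribute.
function isInert(renderedHtml) {
  const body = renderedHtml
    .replace(/^<div class="msg-(user|assistant)">/, "")
    .replace(/<\/div>$/, "");
  return !/[<>]/.test(body);
}

// BrowserWindow webPreferences that keep injected script away from Node APIs
// even if an escaping bug slips through. These option names are real Electron options.
const HARDENED_WEB_PREFERENCES = {
  nodeIntegration: false,
  contextIsolation: true,
  sandbox: true,
  // preload: path.join(__dirname, "preload.js"), // expose only what the UI needs via contextBridge
};

// Returns the settings in a webPreferences object that would let page script reach Node.
function auditWebPreferences(prefs) {
  const findings = [];
  if (prefs.nodeIntegration === true) findings.push("nodeIntegration is true: an XSS becomes RCE");
  if (prefs.contextIsolation === false) findings.push("contextIsolation is false: page script shares the preload's world");
  if (prefs.sandbox === false) findings.push("sandbox is false: the renderer is not OS-sandboxed");
  return findings;
}

// Constructed sample: the payload from the report, with the [blank] markers filled in.
const REPORTED_PAYLOAD =
  '<img src=x onerror="alert(require(\'child_process\').execSync(\'id\').toString());">';

console.log(renderChatMessage("user", REPORTED_PAYLOAD));
console.log("inert:", isInert(renderChatMessage("assistant", REPORTED_PAYLOAD)));
console.log("findings for nodeIntegration:true:", auditWebPreferences({ nodeIntegration: true }));
```

Running the block prints the escaped bubble, in which the payload survives only as literal text (`&lt;img src=x onerror=&quot;...`), and an empty findings list for the hardened preferences. The escaper is the cheaper fix; disabling nodeIntegration is the one that removes the RCE even when escaping is forgotten somewhere else in the renderer.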